Push-to-talk (PTT) communication services are half-duplex two-way services used to implement one-to-many communication. They have the following characteristics: when a PTT terminal initiates a PTT call, its voice information can be transmitted simultaneously to all members of a preset PTT group, and services can be set up rapidly. Because of these characteristics, PTT communication systems are widely used in industries and settings such as government agencies, public security and fire control, energy and transportation, airports and seaports, industrial and mining enterprises, the military, and exhibitions.
The current PTT communication system is based on second-generation mobile communication technology, i.e., the Global System for Mobile Communications (GSM). With the increasing maturity and commercial adoption of newer mobile communication technologies, the PTT communication system will evolve into a system that adopts technologies such as 3rd Generation (3G) or 4th Generation (4G) communication, since the use of more advanced communication technology is the direction in which PTT communication services are evolving.
In addition, most scientific research institutions are also studying how to combine the PTT communication system with a public network. When the two are combined, how to use the mature security architecture of the public network to secure PTT communication is a problem to be solved.
However, the encryption method of the PTT communication system in the related art is not based on the security architecture of the public network, and is primarily implemented in the following ways:
1. Using an end-to-end encryption method. A general encryption module is added to the terminal, and whether the terminal is encrypting or decrypting, the same encryption/decryption algorithm and key are used. With this method, the key is transmitted over the air interface, and the security depends entirely on the complexity of the encryption algorithm. Therefore, in practice, if the encryption algorithm is not strong enough, it is easily broken, which results in poor security.
2. A key management center allocates to the terminal multiple fixed keys dedicated to PTT communication services, and each key is represented by a unique key identity. These fixed keys may be written into the user identification card of the terminal by a card read/write device. In PTT group call services, the network side device uses the key identity to control which key the terminal uses. However, in practice, because the number of keys is limited, keys are used repeatedly, which greatly reduces the security of the PTT communication system. Moreover, because the keys in the user identification card must be written by a particular card read/write apparatus, it is difficult to update the keys in a timely manner afterwards.
3. The key management center generates a new key. For security reasons, the key cannot be transmitted directly in an air interface message. Therefore, during the group call, the new key is encrypted with a key negotiated between a particular terminal and the network side device to obtain Keycipher, and Keycipher is transmitted in an air interface message. The key negotiated between the network side device and the terminal may be the key currently in use, or a key fixedly used by a particular PTT group, etc. The terminal uses the negotiated key to decrypt the Keycipher in the air interface message and obtain the newly generated key, which replaces the key currently in use. However, in practice, the security of the new key also depends on the security of the negotiated key. Therefore, security cannot be fully ensured.
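The dependency described in item 3, shown as an added example that is not part of the original text: each new key is wrapped under the key currently in use, so a party holding the recorded Keycipher messages and any one key in the chain can unwrap every key issued after it. The 16-byte key size, the HMAC-SHA256 construction standing in for the unnamed cipher, and all function names are assumptions.

```python
import hashlib
import hmac
import os

KEY_LEN = 16  # assumed key size; the page does not state one


def _keystream(kek: bytes, nonce: bytes) -> bytes:
    # Stand-in cipher: HMAC-SHA256 used as a PRF (the page names no algorithm).
    return hmac.new(kek, b"wrap" + nonce, hashlib.sha256).digest()[:KEY_LEN]


def wrap_key(kek: bytes, new_key: bytes) -> bytes:
    """Network side: build Keycipher = nonce || encrypted key || tag."""
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(new_key, _keystream(kek, nonce)))
    tag = hmac.new(kek, b"tag" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unwrap_key(kek: bytes, keycipher: bytes) -> bytes:
    """Terminal side: verify Keycipher, then decrypt it with the negotiated key."""
    nonce, body = keycipher[:16], keycipher[16:16 + KEY_LEN]
    tag = keycipher[16 + KEY_LEN:]
    expected = hmac.new(kek, b"tag" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("Keycipher failed integrity check")
    return bytes(a ^ b for a, b in zip(body, _keystream(kek, nonce)))


def rekey_chain(initial_key: bytes, rounds: int):
    """Each update is wrapped under the key currently in use, as in item 3."""
    keys, air_messages = [initial_key], []
    for _ in range(rounds):
        new_key = os.urandom(KEY_LEN)
        air_messages.append(wrap_key(keys[-1], new_key))
        keys.append(new_key)
    return keys, air_messages


def keys_exposed_by(leaked_key: bytes, leaked_index: int, air_messages):
    """Keys recoverable from recorded Keycipher messages once keys[leaked_index] leaks."""
    exposed, current = [], leaked_key
    for msg in air_messages[leaked_index:]:
        current = unwrap_key(current, msg)
        exposed.append(current)
    return exposed
```

Because every update is protected only by its predecessor, rotating keys this way does not limit the impact of a single key compromise; breaking that chain requires keys derived from material that is never sent over the air interface.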
In addition, a feature of the PTT group call service is that the voice of a calling user can be received by multiple listening users in the same group at the same time. In practice, if a separate set of resources is allocated to each listening user to implement the group call function, the encryption mechanism of the public network can be used directly to encrypt the group call, but a single group call will then occupy a large amount of network resources. Furthermore, the key generation and usage mechanism of the public network is only suitable for a single user. If the same set of keys is to be generated and used by all users in the same group call, a new set of mechanisms is needed.